18772 matches found
CVE-2026-45712
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-14 04:53:15+00:00 | published-proof-of-concept | https://github.com/axllent/mailpit/security/advisories/GHSA-w4vj-r5pg-3722... |
CVE-2026-46378
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 20:50:17+00:00 | published-proof-of-concept | https://github.com/TomWright/dasel/security/advisories/GHSA-m6xr-fvfg-5g64... |
CVE-2026-42853
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 19:29:14+00:00 | published-proof-of-concept | https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-hcwq-x9fw-8cfq... |
CVE-2026-46357
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-13 18:46:15+00:00 | published-proof-of-concept | https://github.com/haxtheweb/issues/security/advisories/GHSA-9r33-xhw8-4qqp |
| 2026-06-05 21:20:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnl2wssjwa2z... |
jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
...
CVE-2026-45300
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 21:02:02+00:00 | published-proof-of-concept | https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-fmxf-pm6p-7xgm |
| 2026-06-05 21:15:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnl2nqfonh2z... |
Improper Authentication
Overview: tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authentication when DIGEST authentication is configured. An attacker can gain unauthorized access by providing any...
Improper Authorization
Overview: tomcat:catalina is a library that contains Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization in the processing of security constraints when multiple method constraints define an HTTP method for the...
Improper Handling of Case Sensitivity
Overview: org.apache.tomcat:catalina is a Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the LockOutRealm function. An attacker can bypass account lockout protections by submitting usernames wit...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the...
CVE-2026-45715
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-12 10:25:47+00:00 | published-proof-of-concept | https://github.com/Budibase/budibase/security/advisories/GHSA-fgqv-jh4g-pvg2... |
EUVD-2026-29350
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...
CVE-2026-44650
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 20:56:16+00:00 | published-proof-of-concept | https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-886q-f44j-h6wh |
| 2026-05-30 01:00:40+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmztyqckho2g... |
CVE-2026-45666
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 19:03:58+00:00 | published-proof-of-concept | https://github.com/open-webui/open-webui/security/advisories/GHSA-x3qm-p8hr-3c3h... |
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts
jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...
CVE-2026-43895
jq versions 1.8.1 and earlier are affected: embedded NUL bytes in import paths at the jq-language level can be resolved differently during module/data-file lookup, creating a mismatch between the logical import string and the on-disk path opened. This mismatch can enable a local redaction-policy ...
SUSE CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
SUSE CVE-2026-8276
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...
CVE-2026-44582
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 06:42:58+00:00 | published-proof-of-concept | https://t.me/htfgtps/1107... |
CVE-2026-44572
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 06:42:58+00:00 | published-proof-of-concept | https://t.me/htfgtps/1107... |